Netlogon Service Debug Logging

Enable netlogon logging for account lockout on Source DC

First, enable Netlogon logging on the source DC and review the log around the time of the lockout; it shows the details of the system/server involved in the lockout, including its IP address.

  • Open CMD (Command Prompt) with admin privileges
  • Run the command below
  • nltest /DBFlag:2080FFFF
  • Then run the commands below to restart the Netlogon service
  • net stop netlogon
  • net start netlogon

Wait for the next lockout, then open %windir%\debug\netlogon.log to review the logs.


Further analysis to trace the lockout system

Sometimes the netlogon log itself points to a different DC/server. In that case you have to enable netlogon logging on that DC/server as well to find the source of the lockout.

From my experience, here is a sample account lockout scenario:

  • Child domain DC shows the root domain DC
  • Root domain DC shows the trusted domain DC
  • Trusted domain DC shows a different DC from the same domain
  • That DC in turn shows the Exchange server
  • Exchange server shows the handheld device IP

All you have to do is trace the lockout system by enabling netlogon logs on each system in turn until you reach the actual lockout system.
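
The hop-by-hop trace described above, as an added example that is not part of the original page: a Python script that tallies failed logons for one account in netlogon.log text and names the machine whose log to check next. The log lines are constructed samples, the line layout the regex expects is an assumption based on typical Netlogon debug output, and the function names are hypothetical.

```python
import re
from collections import Counter

# NTSTATUS codes that matter when tracing a lockout
FAILURES = {"0xC000006A": "wrong password", "0xC0000234": "account locked out"}

# Assumed layout: "... logon of DOMAIN\user from SOURCE (via RELAY) Returns 0x..."
LINE_RE = re.compile(
    r"^\d\d/\d\d \d\d:\d\d:\d\d \[LOGON\].*?logon of (?P<account>\S+) "
    r"from (?P<source>[^\s(]*)\s*(?:\(via (?P<via>[^)]+)\))?"
    r"\s*Returns\s+(?P<status>0x[0-9A-Fa-f]+)"
)

# Constructed sample lines (not taken from a real system)
SAMPLE_LOG = r"""
03/14 09:12:01 [LOGON] [4312] CORP: SamLogon: Transitive Network logon of CORP\jdoe from  (via EXCH01) Returns 0xC000006A
03/14 09:12:04 [LOGON] [4312] CORP: SamLogon: Transitive Network logon of CORP\jdoe from  (via EXCH01) Returns 0xC000006A
03/14 09:12:09 [LOGON] [4312] CORP: SamLogon: Network logon of CORP\asmith from WKS07 (via FILE02) Returns 0x0
03/14 09:12:15 [LOGON] [4312] CORP: SamLogon: Transitive Network logon of CORP\jdoe from  (via EXCH01) Returns 0xC0000234
03/14 09:13:40 [LOGON] [4312] CORP: SamLogon: Network logon of CORP\jdoe from WKS11 (via DC02) Returns 0xC000006A
"""

def lockout_sources(log_text, user):
    """Count failed logons for `user` per (source, via) pair."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a logon result line
        name = m["account"].split("\\")[-1].lower()
        status = "0x" + m["status"][2:].upper()
        if name == user.lower() and status in FAILURES:
            # The source field is often blank when the request was relayed
            hits[(m["source"] or "(blank)", m["via"] or "(direct)")] += 1
    return hits

def next_hop(log_text, user):
    """Machine whose netlogon.log to read next: the relay if any, else the source."""
    hits = lockout_sources(log_text, user)
    if not hits:
        return None
    (source, via), _count = hits.most_common(1)[0]
    return via if via != "(direct)" else source

if __name__ == "__main__":
    for pair, count in lockout_sources(SAMPLE_LOG, "jdoe").most_common():
        print(count, pair)
    print("check next:", next_hop(SAMPLE_LOG, "jdoe"))
```

Enable netlogon logging on the machine the script names, wait for the next lockout, and run it again on that machine's log until the source is an end device rather than another server.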



Disable debug logging

activedirectory/logondienstdebug.txt · Last modified: 2017/12/12 11:57 by ronny
